Omniscia Tokemak Network Audit

Manager Manual Review Findings

MAN-01M: Unsanitized State Transition

Type: Logical Fault
Severity: Minor
Location: Manager.sol:L299-L303

Description:

The setEventSend function should only set the _eventSend value to true when the values of the destinations struct have been set.

Example:

contracts/manager/Manager.sol

299  function setEventSend(bool _eventSendSet) external override onlyAdmin {
300      _eventSend = _eventSendSet;
301
302      emit EventSendSet(_eventSendSet);
303  }
304
305  function setupRole(bytes32 role) external override onlyAdmin {
306      _setupRole(role, _msgSender());
307  }
308
309  function encodeAndSendData(bytes32 _eventSig) private onEventSend {
310      require(address(destinations.fxStateSender) != address(0), "ADDRESS_NOT_SET");
311      require(destinations.destinationOnL2 != address(0), "ADDRESS_NOT_SET");
312
313      bytes memory data = abi.encode(CycleRolloverEvent({
314          eventSig: _eventSig,
315          cycleIndex: currentCycleIndex,
316          timestamp: currentCycle
317      }));
318
319      destinations.fxStateSender.sendMessageToChild(destinations.destinationOnL2, data);
320  }

Recommendation:

We advise imposing such sanitization via corresponding require checks, as otherwise the _completeRollover function will become inexecutable: encodeAndSendData reverts with ADDRESS_NOT_SET while either destination is unset.

Alleviation:

The function can now only be executed when the destinations.destinationOnL2 value has been set.
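
One way to impose the recommended require checks, written here as an added sketch and not taken from the Tokemak code base or its fix. The contract name, the IStateSender interface, the admin handling and the setDestinations setter are assumptions made for illustration. It goes one step beyond the finding by also guarding the setter that changes the destinations, so the invariant "event sending enabled implies destinations set" holds at both mutation points.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Hypothetical stand-in for the state sender type used by destinations.fxStateSender.
interface IStateSender {
    function sendMessageToChild(address receiver, bytes calldata data) external;
}

// Illustrative contract (assumed name), reduced to the state relevant to MAN-01M.
contract EventSendGuardSketch {
    struct Destinations {
        IStateSender fxStateSender;
        address destinationOnL2;
    }

    Destinations public destinations;
    bool private _eventSend;
    address public immutable admin; // simplified replacement for the role-based onlyAdmin

    event EventSendSet(bool eventSendSet);
    event DestinationsSet(address fxStateSender, address destinationOnL2);

    modifier onlyAdmin() {
        require(msg.sender == admin, "NOT_ADMIN");
        _;
    }

    constructor() {
        admin = msg.sender;
    }

    // Hypothetical setter: refuses to clear a destination while event sending is on,
    // which would otherwise recreate the state the finding describes.
    function setDestinations(address fxStateSender, address destinationOnL2) external onlyAdmin {
        if (_eventSend) {
            require(fxStateSender != address(0) && destinationOnL2 != address(0), "ADDRESS_NOT_SET");
        }
        destinations = Destinations(IStateSender(fxStateSender), destinationOnL2);
        emit DestinationsSet(fxStateSender, destinationOnL2);
    }

    // Enabling is only allowed once both destinations are configured; disabling is
    // always allowed so the admin can switch sending off regardless of configuration.
    function setEventSend(bool eventSendSet) external onlyAdmin {
        if (eventSendSet) {
            require(address(destinations.fxStateSender) != address(0), "ADDRESS_NOT_SET");
            require(destinations.destinationOnL2 != address(0), "ADDRESS_NOT_SET");
        }
        _eventSend = eventSendSet;
        emit EventSendSet(eventSendSet);
    }
}
```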